Displaying a simple error page from a flow

[Cantor, Scott]

On 12/7/16, 3:48 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

> On the same project as I was working on earlier this week with a customized MFA flow, I want to display a message to
> users if they haven't enrolled for a Duo token but the SP they're signing into requires Duo.

Is the message a terminating one, or a mid-flow one that would be expected to let them resume what they were doing? That's a major distinction in terms of approach.

> I was going to create a flow for this purpose, but after reading the V3 authentication docs, it seems like a lot of work to
> create a custom authn flow that simply displays a velocity template with a static message.

No, that's not an authn flow no matter what.

> Is there any way to throw an exception from within a script in the MFA configuration that I could map to a specific error
> message within error.vm and related messages?

Yes, but that's if you want to terminate.

> Or is there some other easy way to have a custom message or velocity template displayed that I'm not thinking of?

Displaying a message mid-flow requires a flow, but a flow is very simple to build if all it has to do is render a single view, I can give you an example in like 10 lines if you need it, it's just a flow file with a view-state in it.

The MFA transition rules can run *any* webflow, not just "login flows". A login flow is something that follows a set of in/out guarantees and is expected to authenticate the subject, so that's a very different animal from just a simple ordinary "do something interesting" webflow stuck in the middle of the sequence.

-- Scott